Question & Answer
Question
This document describes the different releases, issues, and limitations of the IBM Security Access Manager for Enterprise Single Sign-On version 8.2.1. This document is updated continuously as enhancements, or issues and workarounds are discovered.
Announcement:
Support for ESSO version 8.2.0 and 8.2.1 will not be provided after EOS date, all Users must plan to move to ESSO latest version 8.2.2 before End of Service, 30-April-2023.
For more information, see https://www.ibm.com/support/pages/node/271625
Answer
Version 8.2.1.SSE.1
Released: Dec 2014
The 8.2.1 Service Stream Enhancement 1 (SSE.1) release is composed of the following components:
- AccessAgent with Fix Pack 7
- IMS Server with Fix Pack 5
Version 8.2.1.SSE
Released: June 2014
IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1.SSE, offers new features and currency support. See New in the fix pack.
The 8.2.1 Service Stream Enhancement (SSE) release is composed of the following components:
- AccessAgent with Fix Pack 4
- AccessStudio with Fix Pack 3
- IMS Server with Fix Pack 3
Version 8.2.1
IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1, offers new features and currency support. For features introduced in the generally available release, see New in 8.2.1.
The 8.2.1 GA release is composed of the following components:
- AccessAgent 8.2.1.0191
- AccessStudio 8.2.1.0005
- IMS Server 8.2.1.0.66
Fix packs are also released periodically to provide changes to the software that can resolve known problems, add new functions, or keep the software operating efficiently.
The changes are grouped in the following way:
New features
The following list introduces changes or enhancements that were introduced after the generally available release:
- Profiling enhancements in AccessStudio (AccessStudio Fix Pack 3)
AccessStudio provides the following new features:- You can playback and trace the Observer log files on the AccessStudio Real-Time Logs pane and on the state engine diagram.
- You can assign an AccessProfile version attribute to manage the different versions of a profile.
- You can also assign a script name to a VBScript or a JScript to make the label more meaningful and the AccessProfile easier to troubleshoot.
- For more information, see the AccessStudio Guide.
- IBM Cognos Reporting
IBM Security Access Manager for Enterprise Single Sign-On supports the IBM Cognos reporting framework for report generation. Use IBM Cognos Connection to generate the IBM Security Access Manager for Enterprise Single Sign-On Cognos-based reports. You can also use the bundled report model to customize and generate different types of IBM Security Access Manager for Enterprise Single Sign-On reports that suit your requirements.
Note: IBM Tivoli Common Reporting is currently supported, but is being deprecated. As a best practice, use the IBM Cognos reporting framework for the report generation.
For more information, see Report administration.
- REST Web API (IMS Server Fix Pack 5)
You can create, read, or update an application credential with the IBM Security Access Manager for Enterprise Single Sign-On REST Web API. With the RESTful API based on HTTPS, you can use any client, operating system, or programming language that can submit an HTTP request.
The IBM Security Access Manager for Enterprise Single Sign-On REST Web API replaces the Web API for Credential Management which was accessed through IBM Tivoli Federated Identity Manager Security Token Service (STS). Configure the enterprise directory to Active Directory or Tivoli Directory Server to use the REST Web API.
See the IBM Security Access Manager for Enterprise Single Sign-On 8.2.1 Web API technote.
- UI Automation extensions (AccessAgent Fix Pack 8 and AccessStudio Fix Pack 6)
The UI Automation extension enables IBM® Security Access Manager for Enterprise Single Sign-On administrators or profilers to create AccessProfiles to automate applications that support the Windows UI Automation accessibility framework. For example, applications written using NET Windows Presentation Foundation support Windows UI Automation, out-of-the-box, to access basic controls like Text Fields and Buttons.
See IBM Security Access Manager for Enterprise Single Sign-On support for Observer Extensions.
- Active Directory password synchronization in a non-trusted environment (IMS Server Fix Pack 5 and AccessAgent Fix Pack 8)
Provide support for Active Directory password synchronization when the client workstation's domain does not trust the Active Directory domain that is configured as IMS enterprise directory. Enable this feature to synchronize Active Directory passwords in the non-trusted environment.
See Support for Active Directory password synchronization in a non-trusted environment technote.
Enhancements
For the latest information on product compatibility and system requirements, use the Software Product Compatibility Reports tool.
- WebSphere Application Server 8.5.5 (Supported from IMS Server Fix Pack 7)
IMS Server on WebSphere Application Server 8.5.5 is supported. - BIO-key Biometric Service Provider 1.12 (Available in IMS Server Interim Fix 6 and AccessAgent Fix Pack 10)
BIO-key Biometric Service Provider 1.12 for biometric devices are now supported.
For upgrade instructions, see Upgrading to BIO-key BSP 1.12.
- Windows 8.1 32-bit and 64-bit
IBM Security Access Manager for Enterprise Single Sign-On now supports single sign-on to applications on a Windows 8.1 operating system. However, IBM Security Access Manager for Enterprise Single Sign-On does not support Windows Store applications.
The following deployment and configurations are supported:
- Shared and personal desktop configurations. See Session management.
- Network Provider configuration
- RFID and password authentication factors
- Microsoft Internet Explorer 11
All existing AccessProfiles for web applications that are accessed through Microsoft Internet Explorer 11 on Windows 7 and Windows 8.1 are supported.
See IBM Security Access Manager for Enterprise Single Sign-On Support for Microsoft Internet Explorer 11 on Windows 7.
- Mozilla Firefox Extended Support Release (ESR)
Single sign-on and automation for web applications that are accessed through Mozilla Firefox Extended Support Release 24, 31, and 38 are supported. To enable this support, see Enabling single sign-on support in Mozilla Firefox Extended Support Release.
See IBM Security Access Manager for Enterprise Single Sign-On Support for Mozilla Firefox Extended Support Release.
- Citrix XenDesktop 7.0, 7.1 and 7.5
Single sign-on to virtual desktops and applications hosted on Citrix XenDesktop 7.0, 7.1, and 7.5 is now supported.
- Citrix XenApp 7.5
Single sign-on and authentication services for applications hosted on the Citrix XenApp Server version 7.5, and with Citrix Receiver version 4.1 is now supported.
- Windows Server 2012 support
IBM Security Access Manager for Enterprise Single Sign-On AccessAgent now supports Windows Server 2012 and Windows Server 2012 R2.
- IBM DB2 10.5
IBM Security Access Manager for Enterprise Single Sign-On version 8.2.1 now supports single sign-on and authentication services for applications hosted on IBM DB2 10.5
Application support
Single sign-on AccessProfiles that have been added:
- IBM Rational Host On-Demand
See Single Sign-On AccessProfile for IBM Rational Host On-Demand (HOD).
- IBM Notes 9
See Single Sign-On AccessProfile for IBM Notes.
Performance improvement
- AccessAgent overall performance improvement
There is an overall performance improvement when you start your computer (ESSO Credential Provider is enabled) and when you log on to your account (in network provider configuration).
This improvement is more obvious as the system-scope data, such as policies and AccessProfiles, increases. You can achieve more improved performance when you use a computer with more cores. For example, a quad-core computer is likely to give a better result than a dual-core computer. - The ESSO Credential Provider loading time is reduced on offline or unstable network environments.
Resiliency
- If an IBM Security Access Manager for Enterprise Single Sign-On process is not running, the system triggers a one-time self-recovery process.
- If the ESSO Credential Provider is enabled but fails to initialize within 1-4 minutes, the Windows Logon screen is shown.
Installing
Download and assemble the parts for IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1. See the Download document.
Install and configure the product. For information, see the installation guide. Additionally, see the following technotes:
- For the latest middleware configuration information, see Considerations when installing and configuring WebSphere Application Server and IBM HTTP Server
- If you are are deploying IMS Server on WebSphere Application Server 8.5 or later with Microsoft SQL Server, you must configure non-ASCII character support. See Configuring non-ASCII character support.
Post-installation:
- If you want single sign-on in Mozilla Firefox, see Support for Mozilla Firefox Extended Support Release.
Documentation updates
The following updates are not published in the IBM Security Access Manager Enterprise Single Sign-On documentation:
- Delay app launch policies
The following Terminal Server policies can be accessed from Registry Editor > HKEY_LOCAL_MACHINE > SOFTWARE > IBM > ISAM ESSO > ECSS > DeploymentOptions:
- pid_ts_delay_app_launch_exe_list
- pid_ts_delay_app_launch_timeout_secs
For more information, see the IBM Security Access Manager Enterprise Single Sign-On Terminal Server Policies technote.
- Upgrading the AccessAgent silently
You can upgrade AccessAgent 8.x, or 8.x.x to version 8.2.1 silently.
Before you upgrade AccessAgent, ensure that there is an AccessAgent already installed on your computer. You must also have administrator privileges.
To upgrade AccessAgent silently, do the following tasks:
- Open the command prompt window.
- Go to the installer file directory where setup.exe is located.
- Run the setup.exe /silent ISRootStagePath=<temp path> command.
- Installing the AccessStudio using the Setup.exe file
The AccessStudio installation directory is configured based on the AccessAgent installation path. You cannot change the configured installation directory.
For more information, see the Installing the AccessStudio (Setup.exe) technote.
- Windows XP deprecation
IBM Security Access Manager Enterprise Single Sign-On support for Windows XP is being deprecated. Consider upgrading to a supported operating system. See Hardware and software requirements.
- ImsConfigurationPromptEnabled value for silent or Group Policy Object installations of AccessAgent
In the following topics:
the documentation incorrectly states that the ImsConfigurationPromptEnabled parameter should be 1.
Correct version
ImsConfigurationPromptEnabled
Verify that the value for the ImsConfigurationPromptEnabled parameter is 0.
Related links
For more information about IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1, see the following links:
[{"Product":{"code":"SS9JLE","label":"IBM Security Access Manager for Enterprise Single Sign-On"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.2.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
29 March 2023
UID
swg21653759